I work for a company from home online, using my own laptop. To work, I have to login to their network through a web browser, Google Chrome. The URL begins with: https:// . I use a User ID and password. I log off whenever I go on break or when I finish a shift. Since it's my own personal laptop, not company-issued, do they have the technical means to monitor other websites I may be on when working or even when not working? Do they also have the ability to turn on the laptop camera and audio without my knowing, and possibly even record?

Please clarify your specific problem or add additional details to highlight exactly what you need. As it's currently written, it’s hard to tell exactly what you're asking. See the How to Ask page for help clarifying this question.
If this question can be reworded to fit the rules in the help center, please edit the question.

Is this like Citrix or website, did you install any plugin?
–
Eric GMay 2 '14 at 1:39

2 Answers
2

According to your comments you seem to be working remotely through a web interface displayed in a web browser.

That website doesn't have more or less technical possibilities on your computer than any other website. It should be unable to monitor any other activity on your computer like accessing other websites or running other programs.

The website should also be unable to access your webcam or microphone unless you gave it permission to do so. You can see which websites have special permissions in Chrome's settings menu under Settings->Advanced Settings->Content Settings->Media. Note the "Exceptions" button where you can see if specific websites have different permissions.

However, there might be other software you installed on your machine which might be back-doored. Especially when using that website required you to install any additional plugins, these plugins might give the website additional abilities to spy on your machine.

If you are working on a "virtual desktop" or "remote desktop" then its likely the application is relying upon plugins which could potentially invalidate the browser-sandbox. (e.g., something like Citrix)

In this case, the code is not relegated to the confines of your browser and potentially could interact with your file system. I am not aware of any vendor which purposefully offers such capabilities, could potentially be a legal liability in that case; but theoretically, if its not just a website with HTML, JavaScript, or in the browser-type stuff, then yes your local PC could be accessed. Now, an attacker may be able to take advantage of a vulnerability in something like Citrix Receiver and then monitor you.

In terms of "not working": on the virtual desktop they could likely remotely watch it, if they wanted to, they could also run some type of monitoring software that shows how often your mouse moves, when the windows loses focus, etc. This would be possible even with just JavaScript.